After chatting with @RCheesley a bit more about this, I’ve realised that another helpful thing I could do is share a list of mitigation tools/strategies, without associating them with specific risks.
I am not suggesting that all communities should use all these things, or that there aren’t other things they should use. This is not intended as a definitive list. If anyone feels they have an unacceptable level of unmitigated risk, feel free to post here and we can discuss options.
So here is the list, in no particular order:
Terms of service which are:
comprehensive
relevant
up to date
easy to find and access
Terms of service which may:
specifically exclude the furnishing or soliciting of data from children
publicise the visibility to admins of all content (including PMs and chat)
Internal whistle blowing policies
Robust moderation practices undertaken by trained personal and may include:
the swift take down of illegal content
forcing manual registration approval
mandating rich profiles with enforced fields, including real names
This seems like an area where Discourse could offer more feature support.
By default, Discourse permits private messaging at Trust Level 1, which users can reach automatically, without moderator intervention, by reading 30 posts in 5 topics over 10 minutes.
Most forum moderators only read private messages if someone in the thread flags a post. So, if two people don’t object to communicating over PM (e.g. consensually exchanging porn, or successfully grooming a minor), moderators won’t be flagged, and the thread won’t be reviewed.
It would be a good first step to be able to limit access to private messages to users who affirm that they’re over the age of 18. (This could be a simple checkbox, or it could include an age-gating mechanism compliant with the Online Safety Act.)
Right now it seems like our only available tool is to allow members of a specific group to send PMs, which means users would have to navigate to the group’s page and click “Request” to request access to the group. (And they’d need to find that button, a tall order.) And then a moderator would have to manually add the user to the group.